diff options
author | Andrew Bartlett <abartlet@samba.org> | 2023-03-02 17:24:15 +1300 |
---|---|---|
committer | Jule Anger <janger@samba.org> | 2023-03-20 10:03:51 +0100 |
commit | 0776ce5caedf18aa8cc1d1dddb1a425f3d0c926c (patch) | |
tree | e33241073ce0ee4ebb049ca471ee11e95c08c4b2 | |
parent | d564a5c816642269e0b6d0b37319fd47646487c0 (diff) | |
download | samba-0776ce5caedf18aa8cc1d1dddb1a425f3d0c926c.tar.gz |
CVE-2023-0614 lib/ldb-samba Ensure ACLs are evaluated on SAMBA_LDAP_MATCH_RULE_TRANSITIVE_EVAL / LDAP_MATCHING_RULE_IN_CHAIN
Setting the LDB_HANDLE_FLAG_UNTRUSTED tells the acl_read module to operate on this request.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
-rw-r--r-- | lib/ldb-samba/ldb_matching_rules.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/lib/ldb-samba/ldb_matching_rules.c b/lib/ldb-samba/ldb_matching_rules.c index b86594c1823..59d1385f4e3 100644 --- a/lib/ldb-samba/ldb_matching_rules.c +++ b/lib/ldb-samba/ldb_matching_rules.c @@ -67,7 +67,12 @@ static int ldb_eval_transitive_filter_helper(TALLOC_CTX *mem_ctx, * Note also that we don't have the original request * here, so we can not apply controls or timeouts here. */ - ret = dsdb_search_dn(ldb, tmp_ctx, &res, to_visit->dn, attrs, 0); + ret = dsdb_search_dn(ldb, + tmp_ctx, + &res, + to_visit->dn, + attrs, + DSDB_MARK_REQ_UNTRUSTED); if (ret != LDB_SUCCESS) { talloc_free(tmp_ctx); return ret; |